Everything you do on your iPhone may be open to NSA snooping thanks to a covert software the agency can install without user's knowledge. Apparently the app, called Dropout Jeep, can remotely send all of your text messages, contacts and voicemails to the NSA, and can activate your iPhone's camera or mic for real time surveillance, too.
Security researcher says NSA can spy on your iPhone
In a presentation at the 30th Chaos Communication Congress in Germany, security researcher Jacob Applebaum detailed the NSA's iPhone spying capabilities. Along with being able to use Dropout Jeep to collect your conversations and contacts, the agency can use cell towers to find your location, and can remotely push new files to user's iPhones.
The NSA documents Mr. Applebaum referenced say it has a perfect track record for installing Dropout Jeep on targeted iPhones, meaning they have been able to successfully install the software on every iPhone they want. Based on the agency's success rate and the amount of data they're able to collect, Mr. Applebaum questions Apple's involvement.
He said in a presentation at the conference,
I don't really believe that Apple didn't help them. I can't really prove it, but they [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just that they write shitty software.
PRISM is an NSA program to gain back door access to company servers so it can gather personal information and user activity without first gaining a court order. Apple has claimed it doesn't participate in PRISM, and went so far as to say it hadn't even heard of the program until it first appeared in the news in June 2013.
In a public statement Apple said, "We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order."
Apple has since asked the NSA for better transparency on surveillance, and has said that text messages sent through iMessages are encrypted and that it can't convert them back to readable text.
Apple has also said that it doesn't collect data about user activities. If true, that would make a secret back door into the company's servers less valuable, and would make something lie Dropout Jeep far more useful since it allows the NSA to gather whatever information it wants without directly involving Apple or its servers.
It's a safe assumption that if the NSA has developed clandestine surveillance malware for the iPhone, it has done the same for other smartphone platforms, too. Android OS, Windows Mobile, and BlackBerry have all likely been targeted with similar malware, too.
A 2008 document that details Dropout Jeep said that in needed to be installed via "close access methods," but that the agency was working on a way to remotely install the malware. Considering that was five years ago, it's possible the NSA has moved on to remote installation, which could give the agency the ability to install its monitoring tools on any iPhone anywhere in the world at any time.
Balancing the right to privacy with national security is always a tricky act. While the NSA will deny the existence of many surveillance programs regardless of whether or not they actually exist, the number of leaked documents show the agency is involved in collecting massive amounts of personal information without court order or consent, and that means the scales have tipped away from privacy in a big way.
[Thanks to The Daily Dot for the heads up.]